[Devel] Re: container-to-host virtual or loopback kind of interface support

Quoting Elwin Stelzer Eliazer (stelz...@gmail.com): Hi, I am trying to use network namespace for virtualizing some socket applications i already have. These applications interact with Apache through 'lo' 127.0.0.1:nnn sockets now. When i virtualize, i do not want to run Apache inside the

[Devel] Re: [PATCH] Add a multi-process IPC test

DS This test forks off several children in various states to ensure DS that the IPC namespace information is properly restored after DS restart. I should have mentioned that this test behaves as expected with the latest IPC patches from Oren. If I run it and wait about ten seconds to checkpoint

[Devel] Re: [PATCH] Add a multi-process IPC test

Quoting Dan Smith (da...@us.ibm.com): This test forks off several children in various states to ensure that the IPC namespace information is properly restored after restart. Thanks, Dan. I've got a few other simple c/r tests collected which I want to automate in the next few days so one can

[Devel] Re: [PATCH] Add a multi-process IPC test

SH Thanks, Dan. I've got a few other simple c/r tests collected SH which I want to automate in the next few days so one can just run SH 'check_cr' and get a list of pass/fails. I'll also add some tests SH which Nathan had written for IPC. Hmm, I suppose the easiest SH thing for now will be to

[Devel] Re: [RFC v14-rc3][PATCH 33/36] Support for share memory address spaces

Quoting Oren Laadan (or...@cs.columbia.edu): The task address space (task-mm) may be shared between processes if CLONE_VM is used, and particularly among threads. Accordingly, treat 'task-mm' as a shared object: during checkpoint check against the objhash and only dump the contents if seen for

[Devel] Re: [RFC v14-rc3][PATCH 32/36] Export fs/exec.c:exec_mmap()

Quoting Oren Laadan (or...@cs.columbia.edu): Used in the next patch to attach an existing mm descriptor to a restarting process. Signed-off-by: Oren Laadan or...@cs.columbia.edu Acked-by: Serge Hallyn se...@us.ibm.com --- fs/exec.c |2 +- include/linux/mm.h |3 +++ 2

[Devel] Re: [RFC v14-rc3][PATCH 14/36] c/r of restart-blocks: export functionality used in next patch

Quoting Oren Laadan (or...@cs.columbia.edu): To support c/r of restart-blocks (system call that need to be restarted because they were interrupted but there was no userspace visible side-effect), export restart-block callbacks for poll() and futex() syscalls. More details on c/r of

[Devel] Re: [RFC v14-rc3][PATCH 35/36] c/r: Add UTS support (v6)

Quoting Oren Laadan (or...@cs.columbia.edu): Just a little bisect booboo I noticed while looking at patch 36/36, which fixes this up: +static int cr_write_namespaces(struct cr_ctx *ctx, struct task_struct *t) +{ + struct cr_hdr h; + struct cr_hdr_namespaces *hh; + struct nsproxy

[Devel] Re: [RFC v14-rc3][PATCH 36/36] Stub implementation of IPC namespace c/r

Quoting Oren Laadan (or...@cs.columbia.edu): From: Dan Smith da...@us.ibm.com Changes: - Update to match UTS changes Signed-off-by: Dan Smith da...@us.ibm.com Signed-off-by: Oren Laadan or...@cs.columbia.edu Acked-by: Serge Hallyn se...@us.ibm.com However... + if (!!ipc_ns ^

[Devel] Re: [RFC v14-rc3][PATCH 33/36] Support for share memory address spaces

Serge E. Hallyn wrote: Quoting Oren Laadan (or...@cs.columbia.edu): The task address space (task-mm) may be shared between processes if CLONE_VM is used, and particularly among threads. Accordingly, treat 'task-mm' as a shared object: during checkpoint check against the objhash and only

[Devel] Re: [RFC v14-rc3][PATCH 33/36] Support for share memory address spaces

Quoting Oren Laadan (or...@cs.columbia.edu): Serge E. Hallyn wrote: Quoting Oren Laadan (or...@cs.columbia.edu): The task address space (task-mm) may be shared between processes if CLONE_VM is used, and particularly among threads. Accordingly, treat 'task-mm' as a shared object:

[Devel] Re: [RFC v14-rc3][PATCH 33/36] Support for share memory address spaces

On Thu, 9 Apr 2009, Serge E. Hallyn wrote: Quoting Oren Laadan (or...@cs.columbia.edu): Serge E. Hallyn wrote: Quoting Oren Laadan (or...@cs.columbia.edu): The task address space (task-mm) may be shared between processes if CLONE_VM is used, and particularly among threads.

[Devel] Re: [PATCH] devcgroup: skip superfluous checks when found the DEV_ALL elem

On Tue, 07 Apr 2009 13:47:16 +0800 Li Zefan l...@cn.fujitsu.com wrote: While walking through the whitelist, if the DEV_ALL item is found, no more check is needed. It's unobvious whether this is a behavioural change, a bugfix or just a speedup? diff --git a/security/device_cgroup.c

[Devel] Re: [RFC v14-rc3][PATCH 33/36] Support for share memory address spaces

Quoting Oren Laadan (or...@cs.columbia.edu): On Thu, 9 Apr 2009, Serge E. Hallyn wrote: During task creation, the algorithm implies that the thread group leader is created first, and it in turn clones all the other threads in the thread group. So now they all share the same MM, and no

[Devel] Re: [PATCH] devcgroup: skip superfluous checks when found the DEV_ALL elem

Andrew Morton wrote: On Tue, 07 Apr 2009 13:47:16 +0800 Li Zefan l...@cn.fujitsu.com wrote: While walking through the whitelist, if the DEV_ALL item is found, no more check is needed. It's unobvious whether this is a behavioural change, a bugfix or just a speedup? It's a speedup. I

[Devel] [PATCH 01/30] headers: fixup cred.h, ipc_namespace.h

cred.h uses __init ipc_namespace.h uses kern_ipc_perm. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cred.h |1 + include/linux/ipc_namespace.h |2 ++ 2 files changed, 3 insertions(+) --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -13,6 +13,7

[Devel] [PATCH 00/30] C/R OpenVZ/Virtuozzo style

This is to show how we see C/R and to provoke discussion on number of important issues (mounts, ...). This is small part of long-awaited to be cleanuped code. It's able to restore busyloop on i386 and x86_64 and restore i386 busyloop on x86_64. It wasn't tested much more than that. I'm

[Devel] [PATCH 04/30] ipcns: add create_ipc_ns()

clone_ipc_ns() is misnamed, it doesn't clone anything and doesn't uses passed parameter. Rename it. create_ipc_ns() will be used by C/R to create ipcns on restart. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/ipc_namespace.h |1 + ipc/namespace.c |

[Devel] [PATCH 06/30] netns: don't get/put old netns on CLONE_NEWNET

copy_net_ns() doesn't copy anything, it creates fresh netns, so get/put of old netns is unneeded. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- net/core/net_namespace.c |5 + 1 file changed, 1 insertion(+), 4 deletions(-) --- a/net/core/net_namespace.c +++

[Devel] [PATCH 05/30] nsproxy: add create_nsproxy()

clone_nsproxy() does useless copying of old nsproxy -- every pointer will be rewritten to new ns or to old ns. Remove copying, rename clone_nsproxy(), it will be used by C/R code to create fresh nsproxy on restart. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- kernel/nsproxy.c | 19

[Devel] [PATCH 03/30] ipcns: remove useless get/put while CLONE_NEWIPC

copy_ipcs() doesn't actually copy anything. If new ipcns is created, it's created from scratch, in this case get/put on old ipcns isn't needed. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- ipc/namespace.c |6 +- 1 file changed, 1 insertion(+), 5 deletions(-) ---

[Devel] [PATCH 07/30] netns: extract net_create()

net_create() will be used by C/R code to create fresh netns on restart. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/net/net_namespace.h |1 + net/core/net_namespace.c| 44 2 files changed, 21 insertions(+), 24

[Devel] [PATCH 08/30] i386: ifdef out struct thread_struct::fs

After commit 464d1a78fbf8cf6c7fd970e7b3e2db50a320ce28 aka [PATCH] i386: Convert i386 PDA code to use %fs %fs saved during context switch moved from thread_struct to pt_regs. Ifdef out it on i386. I don't understand why .fs (OK, .gs first) initializer was added, kernel clearly stopped touching it

[Devel] [PATCH 30/30] cr: ipc_ns

Create/restore ipc_ns as an object, restore sysctl values. FIXME: restoration of sysctls is buggy as-is, values should be written at the very last moment FIXME: actual restoration of IPC objects. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 14 +

[Devel] [PATCH 29/30] cr: tty/pty

FIXME: opened tty won't passed -checkpoint check. currently in desperate need on how to test it. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 37 kernel/cr/Kconfig |1 kernel/cr/Makefile |1 kernel/cr/cpt-sys.c |6 +

[Devel] Re: [PATCH 00/30] C/R OpenVZ/Virtuozzo style

On Fri, Apr 10, 2009 at 06:32:07AM +0400, Alexey Dobriyan wrote: This is to show how we see C/R and to provoke discussion on number of important issues (mounts, ...). This is small part of long-awaited to be cleanuped code. It's able to restore busyloop on i386 and x86_64 and restore i386

[Devel] [PATCH 22/30] cr: deal with opened files

C/R tsk-files and opened files! fd should have struct file::checkpoint ;-) Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 16 +++ kernel/cr/cpt-sys.c |6 + kernel/cr/cr-file.c | 249 kernel/cr/cr-task.c |

[Devel] [PATCH 19/30] cr: deal with nsproxy

To save nsproxy, or to not save nsproxy? Don't think much, save it. I argue that nsproxy should be removed totally, if someone thinks otherwise. ;-) The idea is that relations between in-kernel data structures close map relations in dumpfile. Signed-off-by: Alexey Dobriyan adobri...@gmail.com

[Devel] [PATCH 20/30] cr: deal with UTS stuff (struct uts_namespace)

Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 14 + kernel/cr/Kconfig |1 kernel/cr/Makefile |1 kernel/cr/cpt-sys.c|6 ++ kernel/cr/cr-nsproxy.c | 21 +++- kernel/cr/cr-uts.c | 123

[Devel] [PATCH 15/30] cr: x86_64 xstate support

Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h|3 ++ kernel/cr/cr-x86_64.c | 72 -- 2 files changed, 67 insertions(+), 8 deletions(-) --- a/include/linux/cr.h +++ b/include/linux/cr.h @@ -140,6 +140,9 @@ struct

[Devel] [PATCH 21/30] cr: deal with pid/pidns

C/R struct pid and struct pid_namespace. Userspace should see same pids as before. -last_pid is visible though /proc/loadavg, so it needs to be dumped too, sigh. FIXME: restoration of pidns is recursive. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h|

[Devel] [PATCH 25/30] cr: deal with credentials

Dump/restore struct cred, struct user, struct user_namespace, struct group_info FIXME: restore struct user FIXME: restore struct file::f_cred Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 46 include/linux/cred.h |1 kernel/cr/Kconfig|1

[Devel] [PATCH 16/30] cr: x86_64 LDT support

FIXME: actual LDT restore Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- kernel/cr/cr-x86_64.c | 22 +- 1 file changed, 13 insertions(+), 9 deletions(-) --- a/kernel/cr/cr-x86_64.c +++ b/kernel/cr/cr-x86_64.c @@ -1,6 +1,7 @@ /* Copyright (C) 2000-2009 Parallels

[Devel] [PATCH 17/30] cr: extend arch_setup_additional_pages()

Add start argument, it will be used to map vDSO to exactly same place on restart(2). Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- arch/powerpc/include/asm/elf.h |1 + arch/powerpc/kernel/vdso.c |2 +- arch/s390/include/asm/elf.h|2 +-

[Devel] [PATCH 11/30] cr: i386 support

Segment registers abstraction is done to allow i386 = x86_64 COMPAT=y migration. What is unsupported is in cr_arch_check_task_struct(). FIXME: support more that busyloop. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- arch/x86/include/asm/unistd_32.h |2

[Devel] [PATCH 24/30] cr: deal with signals

Dump signal_struct, sighand_struct. FIXME: correstly restore, check everything Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 28 include/linux/signal.h |1 kernel/cr/Makefile |1 kernel/cr/cpt-sys.c| 12 + kernel/cr/cr-signal.c |

[Devel] [PATCH 27/30] cr: deal with netns

netns is full of questions too. Restore netns itself, and core.somaxconn, unix.max_dgram_qlen for start. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 13 + kernel/cr/Kconfig |1 kernel/cr/Makefile |1 kernel/cr/cpt-sys.c|6 ++

[Devel] [PATCH 26/30] cr: mount namespace

This is one big FIXME: What to do with overmounted files? What to do with mounts at all, who should restore them? just restore something to not oops on task exit Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- fs/namespace.c| 22 ++--

[Devel] [PATCH 13/30] cr: i386 LDT support

FIXME: LDT actual restoration Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- kernel/cr/cr-x86_32.c | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) --- a/kernel/cr/cr-x86_32.c +++ b/kernel/cr/cr-x86_32.c @@ -1,6 +1,7 @@ /* Copyright (C) 2000-2009

[Devel] [PATCH 09/30] x86_64: ifdef out struct thread_struct::ip

struct thread_struct::ip isn't used on x86_64, struct pt_regs::ip is used instead. kgdb should be reading 0, but I can't check it. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- arch/x86/include/asm/processor.h |2 ++ arch/x86/kernel/kgdb.c |2 +- 2 files changed, 3

[Devel] [PATCH 23/30] cr: deal with fs_struct

Dump umask, root, pwd. root, pwd are dumped as names returned by d_path. FIXME, FIXME, FIXME: think through what to do with overmount and vfsmount themselves!!! FIXME: restore root, pwd, tsk-fs itself Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h | 12 +++

[Devel] [PATCH 12/30] cr: i386 xstate support

Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h|3 +++ kernel/cr/cr-x86_32.c | 49 ++--- 2 files changed, 45 insertions(+), 7 deletions(-) --- a/include/linux/cr.h +++ b/include/linux/cr.h @@ -96,6 +96,9 @@ struct

[Devel] [PATCH 28/30] cr: sockets

Nothing will be dumped because socket file_operations aren't ready. This is one big FIXME item. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- include/linux/cr.h|8 kernel/cr/Makefile|1 kernel/cr/cpt-sys.c |6 +++ kernel/cr/cr-net.c|7 +++

[Devel] [PATCH 18/30] cr: restore vDSO on i386/x86_64

FIXME: check VMA has same parameters. FIXME: abort if target kernel has vDSO disabled (?) FIXME: restore pages, vDSO is writable after all. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- arch/x86/vdso/vdso32-setup.c |6 ++ include/linux/cr.h | 11 +

[Devel] [PATCH 14/30] cr: x86_64 support

Now x86 matrix of migration is: task/kernel kernel -- i386/i386 = i386 i386/i386 = x86_64 i386/x86_64 = i386 i386/x86_64 = x86_64 x86_64/x86_64 = x86_64

[Devel] Re: [PATCH 02/30] Remove struct mm_struct::exe_file et al

On Fri, Apr 10, 2009 at 06:33:12AM +0400, Alexey Dobriyan wrote: Commit 925d1c401fa6cfd0df5d2e37da8981494ccdec07 aka procfs task exe symlink. introduced struct mm_struct::exe_file and struct mm_struct::num_exe_file_vmas. The rationale is weak: unifying MMU and no-MMU version of /proc/*/exe

[Devel] Re: [PATCH 09/30] x86_64: ifdef out struct thread_struct::ip

On Fri, Apr 10, 2009 at 06:35:22AM +0400, Alexey Dobriyan wrote: struct thread_struct::ip isn't used on x86_64, struct pt_regs::ip is used instead. kgdb should be reading 0, but I can't check it. Signed-off-by: Alexey Dobriyan adobri...@gmail.com --- arch/x86/include/asm/processor.h

[Devel] Re: [PATCH 00/30] C/R OpenVZ/Virtuozzo style

Hey Alexey, I'm curious how you see these fitting in with the work that we've been doing with Oren. Do you mean to just start a discussion or are you really proposing these as an alternative to what Oren has been posting? -- Dave ___ Containers